- Replace InternalAuthService with TokenService using JWT tokens
- Add support for token issuance, refresh, verification and revocation
- Implement automatic signing key rotation with Redis storage
- Add database migration checks for indexes and foreign key constraints
- Update gRPC endpoints to use token-based authentication
- Remove deprecated API key based authentication system
- Add JSON Web Token support with HMAC-SHA256 signing
- Implement refresh token handling with automatic rotation
- Add token revocation by JTI and user ID
- Update build configuration to include core proto files
- Migrate database schema to handle token-based authentication
- Add comprehensive token validation and verification logic
- Remove extended columns (repo_id, issue_id, pull_request_id,
channel_id, message_id, target_type, target_id, action_url,
priority, metadata, deleted_at) from CREATE TABLE in 001_init.sql
- Add migration 013_notification_extra_columns.sql that uses
ALTER TABLE ADD COLUMN IF NOT EXISTS for all extended columns
- Move extended column indexes to the new migration
- Ensures compatibility with databases that already have a basic
notification table from a previous schema version
- Define code style rules, forbidden patterns, and error handling
- Document security, database, API design, and testing standards
- Include Git workflow and architecture decision records
- service/auth/login.rs: extract auth_find_user() helper combining
username + email lookup, reducing login flow from 5 levels to 3
- etcd/register.rs: extract run_keep_alive_stream() and
renew_lease_and_reregister() from spawn_keep_alive(), reducing
max nesting from 7 levels to 3
- Replace 15 occurrences of unwrap_or("HEAD") with
unwrap_or(DEFAULT_REVISION) across 10 files
- All git API handlers and service methods now reference the shared
constant from models::common
- Add ReviewState enum (pending, approved, changes_requested, etc.)
- Add DEFAULT_REVISION constant for git HEAD references
- service/pr/reviews.rs: use ReviewState for review creation and
submission state validation
- service/pr/core.rs: use MergeStrategyKind for merge strategy
selection
- service/im/stages.rs: use StagePrivacyLevel for stage creation
- service/im/invitations.rs: use Role enum for invitation role
defaults
- session/config.rs: add SessionConfig struct that pre-validates all
session configuration values, with build_middleware() for infallible
middleware construction
- session/middleware.rs: expose parse_same_site as pub(crate)
- session/storage/redis.rs: derive Clone for RedisSessionStore
- main.rs: validate session config before HttpServer loop, use
SessionConfig::build_middleware() inside closure; add
sqlx::migrate!() call after database connection
- cache/lru.rs: replace lock().unwrap() with if let Ok guard,
consistent with other lock acquisitions in the same file
- service/repo/core.rs: replace try_into().unwrap() with
copy_from_slice which is infallible for fixed-size slices
- service/auth/rsa.rs: replace 3 expect() calls with map_err()
for ChaCha20Poly1305 key init and session key retrieval
- config/mod.rs: replace GLOBAL_CONFIG.get().expect() with
unwrap_or_else fallback to empty config
- Add 'migrate' feature to sqlx dependency
- Renumber migrations to fix duplicate version numbers (two 014 files)
- Re-sequence migrations 009-012 for continuous ordering
- Add ALTER TABLE ADD COLUMN IF NOT EXISTS baseline for notification
table to handle existing databases missing newer columns
- Remove deleted IM migration files (009-012) that were superseded
- Add PR assignees API with list, assign, and unassign operations
- Add PR check runs API with create, update, list, and delete operations
- Implement workspace finding by ID method in core service
- Update .gitignore to include .env* files while preserving .env.example
- Reorder imports in multiple API files for consistency
- Format function calls with proper line breaks across PR-related APIs
- Add wiki revision comparison endpoint with proper schema definitions
- Integrate new API modules into main application setup
- Add health check, readiness probe, and OpenAPI endpoints to main server
- Configure session management and dependency injection in main application
- Add gen_openapi binary for generating OpenAPI specification
- Implement comprehensive pull request API endpoints including core operations
- Add pull request reviews, check runs, labels, assignees, and events APIs
- Include pull request status and merge strategy management endpoints
- Add wiki page CRUD operations with revision history and comparison
- Update OpenAPI documentation with Pull Requests and Wiki tags
- Modify workspace find function visibility for external access
- Integrate new API modules into main OpenAPI router configuration
- Reordered actix-web imports to standardize import order
- Reordered crate module imports to follow alphabetical ordering
- Updated function calls to use multi-line formatting for better readability
- Standardized blank lines around documentation comments
- Applied consistent formatting to response handling methods
- Normalized import organization across all repository-related API files
- Improved code consistency and maintainability through standardized formatting
- Applied formatting updates to all repository endpoint implementations
- Introduce new repo module with complete repository functionality
- Add endpoints for repository CRUD operations (create, get, update, archive, delete)
- Implement branch management with create, list, delete and protection features
- Add tag management with create, list and delete operations
- Include release management with create, update and delete capabilities
- Support repository forking with sync functionality
- Implement starring and watching mechanisms for repositories
- Add member management with roles and invitations
- Provide deploy key management for CI/CD integration
- Create webhook management for external integrations
- Implement branch protection rules with approval requirements
- Add commit status and comment functionality for code reviews
- Include merge checking logic for pull requests
- Register all new endpoints in OpenAPI documentation
- Configure routes to handle new repository-specific paths
- Replace workspace_id parameter with Workspace object reference in all workspace service methods
- Remove redundant find_workspace_by_id calls that were duplicated in each method
- Update all method signatures across approval, audit, billing, branding, core, settings and stats modules
- Modify SQL queries to bind ws.id instead of separate workspace_id parameter
- Add Workspace import to all affected modules
- Adjust method calls in API handlers to pass workspace object instead of id
- Consolidate workspace retrieval logic to single location per operation flow
- Removed auto_into_responses feature from utoipa dependency configuration
- Kept other utoipa features including uuid, chrono, actix_extras, decimal, and macros
- Updated Cargo.toml to reflect the reduced feature set for utoipa crate
- Add new auth module with captcha, login, logout, register, and email verification endpoints
- Implement two-factor authentication with TOTP enable, disable, verify, and backup codes regeneration
- Create RSA public key endpoint for secure password encryption
- Add user profile management with get current user and email retrieval
- Integrate OpenAPI documentation for all authentication endpoints
- Implement password reset functionality with email verification flow
- Add comprehensive API response structures with proper error handling
- Configure all auth routes under /api/v1/auth scope with proper tagging
- Implemented SessionMiddleware with cookie-based session key management
- Added support for encrypted and signed session cookies
- Integrated Redis backend for session state persistence
- Implemented session lifecycle management (create, update, delete)
- Added TTL extension policies for session timeout handling
- Created fluent builder for session middleware configuration
- Implemented cookie security features (secure, http-only, same-site)
- Added session state loading and persistence logic
- Implemented proper error handling and logging for session operations
- Added support for configurable session cookie parameters
- Implemented session key extraction and validation from requests
- Added actix-web and actix-multipart dependencies to Cargo.toml
- Integrated actix-web ResponseError trait for AppError handling
- Migrated session module to use actix-web request lifecycle management
- Enhanced Session struct with request-local state handling capabilities
- Implemented proper HTTP status code mapping for various error types
- Added comprehensive session middleware integration points
- Updated session state persistence and modification tracking logic
- Integrated proper JSON response formatting for error messages
- Added support for session renewal, purge, and unchanged state management
zhenyi